HTTP Authentication ( by Apache ) is best/easiest/secure option. Or try cookie or session variables. Or use .htaccess file.
There are very easy examples in PHP Manual ( see related PHP functions ). I hope, you've already downloaded that. Or search Google.

try this
[webmasterworld.com...]

I think jatar_k's solution is what you're referring to, but to prevent included files from be loaded independantly, use something like this:

In a public page:

define('ACCESS',true);

In included files, use:

if (!defined('ACCESS')) {
exit;
}

Start a session and include per each page your authentication script ()
and do a {if!auth ... back to login}else encompass your page content in between the else { }
Of course I took many shortcuts but you have the basics

by doing so even if a page URL is bookmarked and called it won't work if not authenticated properly

is it if I add below script to begining of my page will be another solution for it?

if (!eregi("modules$PHP_SELF)) {
die ("You can't access this file directly...");

sorry, typing error. should be:

if (!eregi("modules.php", $PHP_SELF)) {
die ("You can't access this file directly...");

That could work, but regex functions are pretty slow. Why not just do what I mentioned above?

First line of all your accessible pages:

define('ACCESS',true);

First line of your protected pages (inlcudes):

if (!defined('ACCESS')) {
exit;
}